Last active
July 13, 2023 12:57
-
-
Save kaiili/f062a5dd81b972c7c59a3d61e8ed77b3 to your computer and use it in GitHub Desktop.
查找 ruby sink点
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // send 需要2 参数可控 | |
| // public_send 需要 3 参数可控 | |
| // (1) todo 对参数本身的类型检查 | |
| // (2) todo 对方法本身的检查 | |
| // (3) 对 location的检查, 去除 _spec.rb, _example.rb, 直接删除然后构建 database | |
| import codeql.ruby.DataFlow | |
| from DataFlow::CallNode call | |
| where | |
| call.getNumberOfArguments() = 2 and | |
| call.getMethodName() = "send" | |
| select call, call.getArgument(0).toString() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment